Hackers are posting verified Zoom accounts on the dark web

Zoom Video Communications (ZM) has been the saving grace for millions of people stuck at home, trying to figure out how to work and maintain social relationships in isolation. But the videoconferencing platform has already become a target for scammers, according to a cybersecurity firm that monitors the dark web, the internet’s unlisted phone book of shady sites.

“On April 1st, an actor in a popular dark web forum posted a link to a collection of 352 compromised Zoom accounts,” a spokesperson for cybersecurity firm Sixgill wrote in an email. “In comments on this post, several actors thanked him for the post, and one revealed intentions to troll the meetings.”

Sixgill said these links included email addresses, passwords, meeting IDs, host keys and names, and the type of Zoom account. Most were personal, but not all.

According to Sixgill, “one belonged to a major U.S. healthcare provider, seven more to various educational institutions, and one to a small business.”

The accounts were listed for anyone to download, with the intent to troll and disrupt rather than profit. But given that many are using Zoom for business purposes, confidential information could be compromised.

Google (GOOG, GOOGL) Hangouts and Meet, Skype (MSFT), and Slack (WORK) have seen spikes in usage as work from home soared in March, and Zoom has taken off as one of the newer videoconferencing options. Rapidly, it’s become the go-to platform for canceled schools to figure out how to turn the home into a classroom, for friends and family to see each other, as well as a critical tool for many businesses.

But recently, Zoom has been under scrutiny for privacy and data concerns and CEO Eric Yuan has admittedmultiple times that the company had some “missteps” and moved too fast, failing to stem security issues like “Zoombombing,” where someone crashes and disrupts a meeting. Someone even built an automated tool to find Zoom meetings to crash, highlighting the need for users to implement passwords on meetings.

Zoom told Yahoo Finance that the company is “looking into” the problems. Earlier the company said it would be focusing on improving security before new features.

Lots of tools for sale to take advantage of coronavirus

Lauryn Morley, a lower school substitute teacher for the Washington Waldorf School in Bethesda, Md., works from her home due to the Coronavirus outbreak on April 1, 2020 in Arlington, Virginia. (Photo by OLIVIER DOULIERY/AFP via Getty Images)

Sixgill and other cybersecurity firms tell Yahoo Finance that the dark web has been rife with tools for scammers.

So far, the coronavirus pandemic is causing a dual health and economic crisis simultaneously, both resulting in a staggering death toll and massive unemployment numbers — stoking fears and making people stressed and vulnerable to scams, experts say.

Those fears, coupled with confusion surrounding incoming stimulus payments, have laid the perfect foundation for scammers to take advantage. Already, the FTC said it got more than 7,800 complaints regarding scams, resulting in a median loss of $598 per person.

According to cybersecurity firm Binary Defense’s Randy Pargman, a former member of the FBI’s Cyber Task Force, many of the phishing tools sold and traded in criminal forums can easily be used for coronavirus-themed attacks by rewriting the text of the emails.

“It appears that people are re-purposing a variety of phishing kits by adding coronavirus and health organization images and text to them,” said Pargman.

Pargman noted other potential malfeasance, like someone in a forum offering to sell a list of over 900 usernames, email addresses and passwords that the seller claimed to be stolen from a “medical website.”

“It doesn’t mention coronavirus directly,” said Pargman, “but it could possibly be used for phishing or attempting to access medical professionals’ accounts if they re-used the same password for other accounts as they used on whatever medical website the information came from.”

The Zoom video meeting and chat app has become the wildly popular host to millions of people working and studying from home during the coronavirus outbreak. (Photo by OLIVIER DOULIERY/AFP via Getty Images)

Sixgill has also seen significant chatter suggesting that threat actors see this crisis as the “perfect opportunity for performing other illegal activities, such as smuggling illicit goods with impunity,” the firm said in a report, which found that actors are also seeking to “hoard or sell medical items such as ventilators, masks, and testing kits.”

Mercifully, the report said, “we could not locate anyone selling truckloads of toilet paper (we searched).” However, Reuters reported that sellers were listing N95 masks at steep markups, to be bought via bitcoin.

Both Sixgill and Pargman reported seeing people sell “vaccines” on the dark web, which raises the possibility that dark web users themselves might be getting scammed on the platform.

“Most alarmingly,” Sixgill researchers wrote, “we located a post in which an actor claims to be auctioning access to the cloud platform of a top-200, politically-themed U.S. website. The actor notes that purchase of this access is ‘great for raising panic about the coronavirus.’”

The auction began at $20,000.

--

Ethan Wolff-Mann is a writer at Yahoo Finance focusing on consumer issues, personal finance, retail, airlines, and more. Follow him on Twitter @ewolffmann.